Jul 7, 2007

If your computer starts talking to you and tells you that you are infected and your files have been deleted, it's not a joke. I REPEAT, IT'S NOT A JOKE! We have just seen this in the wild, so if your computer is saying you are infected in the near future, chances are you have just been infected by the BotVoice.A Trojan. This new malicious code, detected by PandaLabs last week, uses the Windows text reader to play the following sentences:

"You have been infected I repeat you have been infected and your system files have been deleted -- Sorry, have a nice day and bye bye."

These comments are repeated over and over again while the Trojan tries to delete the entire content of the computer's hard disk. Sometimes, BotVoice.A might not manage to delete all of the system files. However, this doesn't prevent it from rendering computers unusable, as it modifies the Windows registry so that neither the programs installed on the computer nor the task manager can be run. It also disables the Windows registry editor in order to safeguard its malicious actions.

"This is a very unique Trojan. Not only does it delete computer files, but also makes fun of users. Meanwhile, it does everything necessary to make it impossible to stop its actions," explains Luis Corrons, Technical Director of PandaLabs.

This Trojan uses the usual means of propagation: P2P networks, physical storage devices such as USB memory sticks, floppy disks or CD-ROMs, and downloads performed by other malware or from malicious web pages, etc. In the case of a new and previously unknown Trojan like BotVoice.A, the infection will not be prevented by traditional antivirus software, which relies primarily on signature files of known malware.

Direct from PandaLabs:

Even when the Trojan is unable to wipe all files, it may still remove Windows files, which could stop all the programs installed on the machine functioning, PandaLabs warned.

“This is a very peculiar Trojan,” said Luis Corrons, technical director of PandaLabs. “Not only does it delete computer files, it does everything necessary to make it impossible to stop its actions. In cases like this, it is important to prevent the infection, which makes proactive protection techniques, capable of detecting unknown threats, a necessity.”

Researchers said the malware is spreading via a variety of methods, including physical storage devices, such as USB sticks, floppy discs and CD-ROMs, and through visiting websites hosting malicious code and downloads performed by other viruses.

Make sure you are blocking P2P on your network to be safe. And still realize that those laptops that leave the office can come back infected. So make sure your security policies are up to snuff as well! -TheAdmiN-